vlc: Multiple vulnerabilities (CVE-2019-13962, CVE-2019-14437, CVE-2019-14438, CVE-2019-14498, CVE-2019-14533, CVE-2019-14534, CVE-2019-14535, CVE-2019-14776 CVE-2019-14777, CVE-2019-14778, CVE-2019-14970)
- CVE-2019-13962: Fix a read buffer overflow in the avcodec decoder
- CVE-2019-14437, CVE-2019-14438: Fix a read buffer overflow in the OGG demuxer
- CVE-2019-14498: Fix a division by zero in the CAF demuxer
- CVE-2019-14533: Fix a use after free in the ASF demuxer
- CVE-2019-14534: Fix a null dereference in the ASF demuxer
- CVE-2019-14535: Fix a division by zero in the ASF demuxer
- CVE-2019-14776: Fix a read buffer overflow in the ASF demuxer
- CVE-2019-14777, CVE-2019-14778: Fix a use after free in the MKV demuxer
- CVE-2019-14970: Fix a buffer overflow in the MKV demuxer
Affected Versions:
VLC media player 3.0.7.1 and earlier for most issues
Fixed In Version:
vlc 3.0.8
Reference:
https://www.videolan.org/security/sb-vlc308.html
Affected branches:
-
master (f8938137) -
3.10-stable